In this paper, we design a Reputation-based Diffusion Routing (RDR) algorithm based on the reputation evaluation model for selective forwarding attacks in wireless sensor network routing. We introduce the reputation evaluation model to gather the monitoring mechanism of neighbor nodes to obtain more comprehensive security performance. The algorithm judges whether the routing is successful or not through the neighbor node monitoring and evaluates the reputation to defend the selective forwarding attack of internal nodes. It can bypass the area of malicious nodes, improve the success rate of data routing, and reduce energy consumption. The experimental results verify that the RDR algorithm can maintain a high transmission rate with a small energy consumption and can effectively defend malicious nodes.
{"title":"A secure routing protocol for wireless sensor network","authors":"Peishun Ye","doi":"10.1117/12.3031963","DOIUrl":"https://doi.org/10.1117/12.3031963","url":null,"abstract":"In this paper, we design a Reputation-based Diffusion Routing (RDR) algorithm based on the reputation evaluation model for selective forwarding attacks in wireless sensor network routing. We introduce the reputation evaluation model to gather the monitoring mechanism of neighbor nodes to obtain more comprehensive security performance. The algorithm judges whether the routing is successful or not through the neighbor node monitoring and evaluates the reputation to defend the selective forwarding attack of internal nodes. It can bypass the area of malicious nodes, improve the success rate of data routing, and reduce energy consumption. The experimental results verify that the RDR algorithm can maintain a high transmission rate with a small energy consumption and can effectively defend malicious nodes.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141378402","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yao Feng, Guihe Qin, Zizhan Zhang, Guofeng Wang, Kunpeng Wang
The CAN network bus is one of the most widely used buses in the vehicle, but the lack of sufficient security mechanisms allows criminals to maliciously attack the vehicle, which is a very serious security risk. In this paper, an identity-based encryption algorithm is used to design a secure communication protocol for an in-vehicle CAN network. Compared with the method based on digital certificates, it reduces the overhead of verification, management, and storage of digital certificates. The combination of asymmetric key and symmetric key ensures sufficient security and a small-time cost for the data communication phase. In addition, the Hash Message Authentication Code (HMAC) is used to ensure the integrity and authenticity of the data during the transmission phase. Experimental results show that the proposed protocol can resist forgery attacks, tampering attacks, and replay attacks, and meet the real-time requirements of automotive-grade microcontrollers.
CAN 网络总线是车辆中应用最广泛的总线之一,但由于缺乏足够的安全机制,犯罪分子可以对车辆进行恶意攻击,这是一个非常严重的安全隐患。本文采用基于身份的加密算法设计了车载 CAN 网络的安全通信协议。与基于数字证书的方法相比,它减少了验证、管理和存储数字证书的开销。非对称密钥和对称密钥的结合确保了足够的安全性,并降低了数据通信阶段的时间成本。此外,哈希信息验证码(HMAC)用于确保数据在传输阶段的完整性和真实性。实验结果表明,所提出的协议可以抵御伪造攻击、篡改攻击和重放攻击,满足汽车级微控制器的实时性要求。
{"title":"In-vehicle CAN bus security communication protocol based on identity encryption","authors":"Yao Feng, Guihe Qin, Zizhan Zhang, Guofeng Wang, Kunpeng Wang","doi":"10.1117/12.3031907","DOIUrl":"https://doi.org/10.1117/12.3031907","url":null,"abstract":"The CAN network bus is one of the most widely used buses in the vehicle, but the lack of sufficient security mechanisms allows criminals to maliciously attack the vehicle, which is a very serious security risk. In this paper, an identity-based encryption algorithm is used to design a secure communication protocol for an in-vehicle CAN network. Compared with the method based on digital certificates, it reduces the overhead of verification, management, and storage of digital certificates. The combination of asymmetric key and symmetric key ensures sufficient security and a small-time cost for the data communication phase. In addition, the Hash Message Authentication Code (HMAC) is used to ensure the integrity and authenticity of the data during the transmission phase. Experimental results show that the proposed protocol can resist forgery attacks, tampering attacks, and replay attacks, and meet the real-time requirements of automotive-grade microcontrollers.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141376239","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With the rapid development of in-vehicle network technology, vehicle safety and protection are facing more and more challenges. The vehicle CAN bus is the main network for vehicle internal communication. However, due to its lack of necessary security mechanisms, the vehicle CAN bus is vulnerable to intrusion attacks. Therefore, developing an effective intrusion detection model is crucial to secure vehicle networks. This study proposes a vehicle CAN bus intrusion detection model based on Bayesian network. This model utilizes the probabilistic reasoning of Bayesian networks and the update characteristics of conditional probability, combined with the characteristic attributes of the vehicle CAN bus, to achieve accurate detection of potential intrusion behaviors. By learning historical data, the conditional probability of the Bayesian network can be updated to achieve real-time detection and prediction of intrusion behavior. In order to verify the effectiveness of the model, we used a real vehicle CAN bus data set for experiments. Experimental results show that the intrusion detection model based on Bayesian network has achieved good results in identifying and predicting intrusion behavior of the vehicle CAN bus. Compared with traditional intrusion detection methods, this model can provide higher accuracy and lower false alarm rate, effectively protecting the security of in-vehicle networks.
随着车载网络技术的飞速发展,车辆的安全保护面临着越来越多的挑战。车载 CAN 总线是车辆内部通信的主要网络。然而,由于缺乏必要的安全机制,车辆 CAN 总线很容易受到入侵攻击。因此,开发一种有效的入侵检测模型对确保车辆网络安全至关重要。本研究提出了一种基于贝叶斯网络的车辆 CAN 总线入侵检测模型。该模型利用贝叶斯网络的概率推理和条件概率的更新特性,结合车辆 CAN 总线的特征属性,实现对潜在入侵行为的精确检测。通过学习历史数据,可以更新贝叶斯网络的条件概率,从而实现对入侵行为的实时检测和预测。为了验证模型的有效性,我们使用了真实的车辆 CAN 总线数据集进行实验。实验结果表明,基于贝叶斯网络的入侵检测模型在识别和预测车辆 CAN 总线入侵行为方面取得了良好的效果。与传统的入侵检测方法相比,该模型能提供更高的准确率和更低的误报率,有效地保护了车载网络的安全。
{"title":"Vehicle CAN bus intrusion detection model based on Bayesian network","authors":"Kangyao Dong","doi":"10.1117/12.3032074","DOIUrl":"https://doi.org/10.1117/12.3032074","url":null,"abstract":"With the rapid development of in-vehicle network technology, vehicle safety and protection are facing more and more challenges. The vehicle CAN bus is the main network for vehicle internal communication. However, due to its lack of necessary security mechanisms, the vehicle CAN bus is vulnerable to intrusion attacks. Therefore, developing an effective intrusion detection model is crucial to secure vehicle networks. This study proposes a vehicle CAN bus intrusion detection model based on Bayesian network. This model utilizes the probabilistic reasoning of Bayesian networks and the update characteristics of conditional probability, combined with the characteristic attributes of the vehicle CAN bus, to achieve accurate detection of potential intrusion behaviors. By learning historical data, the conditional probability of the Bayesian network can be updated to achieve real-time detection and prediction of intrusion behavior. In order to verify the effectiveness of the model, we used a real vehicle CAN bus data set for experiments. Experimental results show that the intrusion detection model based on Bayesian network has achieved good results in identifying and predicting intrusion behavior of the vehicle CAN bus. Compared with traditional intrusion detection methods, this model can provide higher accuracy and lower false alarm rate, effectively protecting the security of in-vehicle networks.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141377959","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As a typical application basic development tool, C language programming has strong foundation and practicability in practical application. For most beginners of programming, how to effectively carry out the introduction and improvement of C language program is particularly important. Based on the above problems, this paper puts forward the methods and ideas of innovative design of C language program based on game development orientation, actively stimulates the enthusiasm and initiative of application learning, and introduces simple and easy small game content links to make learning interesting and practical. Through the innovative design of C language program based on the game development orientation, the application depth and learning efficiency of beginners are improved, and a good effect of innovative design practice is shown.
{"title":"Innovative design and analysis of C language program based on game development orientation","authors":"Jing Ning, Qingquan Cui","doi":"10.1117/12.3032009","DOIUrl":"https://doi.org/10.1117/12.3032009","url":null,"abstract":"As a typical application basic development tool, C language programming has strong foundation and practicability in practical application. For most beginners of programming, how to effectively carry out the introduction and improvement of C language program is particularly important. Based on the above problems, this paper puts forward the methods and ideas of innovative design of C language program based on game development orientation, actively stimulates the enthusiasm and initiative of application learning, and introduces simple and easy small game content links to make learning interesting and practical. Through the innovative design of C language program based on the game development orientation, the application depth and learning efficiency of beginners are improved, and a good effect of innovative design practice is shown.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141377846","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Microservices are popular because they have the advantages of loose coupling, low cohesion, and small and autonomous compared to monolithic systems. And when it comes to cloud deployment, it also has a natural advantage. As a result, more practitioners today choose to refactor monolithic applications into one or more microservices, each of which contains a set of partitions composed of components that point to some specific function of the original monolith, so that the entire software system can be represented by a graph, each component can be regarded as a node, and the dependencies between components can be regarded as edges between nodes. In recent years, there has been an approach to using graph neural networks (GNN) to help migrate from monoliths to microservices. However, due to the differences in the research field, some developers rely heavily on the source code of the monolithic system as an important basis for migration, but in the software field, the business information of the project also has a strong symbol for different microservices. Therefore, we will use GNN to comprehensively migrate microservices from the perspectives of business information and source code in the project. The findings indicate that our methodology is superior in efficiency compared to the migration of single features extracted solely from source code.
{"title":"An approach for microservices-oriented migration based on business information and GNN","authors":"Yantao Yang, Cheng Zhang","doi":"10.1117/12.3032029","DOIUrl":"https://doi.org/10.1117/12.3032029","url":null,"abstract":"Microservices are popular because they have the advantages of loose coupling, low cohesion, and small and autonomous compared to monolithic systems. And when it comes to cloud deployment, it also has a natural advantage. As a result, more practitioners today choose to refactor monolithic applications into one or more microservices, each of which contains a set of partitions composed of components that point to some specific function of the original monolith, so that the entire software system can be represented by a graph, each component can be regarded as a node, and the dependencies between components can be regarded as edges between nodes. In recent years, there has been an approach to using graph neural networks (GNN) to help migrate from monoliths to microservices. However, due to the differences in the research field, some developers rely heavily on the source code of the monolithic system as an important basis for migration, but in the software field, the business information of the project also has a strong symbol for different microservices. Therefore, we will use GNN to comprehensively migrate microservices from the perspectives of business information and source code in the project. The findings indicate that our methodology is superior in efficiency compared to the migration of single features extracted solely from source code.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141375899","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Vulnerability identification is a crucial quality assurance step in software engineering, dedicated to discovering and handling potential errors and abnormal behavior in source code. Most vulnerability detection methods are designed for conventional programming languages. With the widespread adoption of low-code development, there is a need for a vulnerability detection method specifically tailored to low-code environments. Thus, we present a robust low-code vulnerability identification model by integrating Convolutional Neural Network Text Classification (TextCNN) and an attention mechanism. The resulting model is capable of recognizing potential irregular patterns in the low code, assisting developers in promptly identifying and addressing potential software defects. It holds significant importance in enhancing the maintainability, stability, and security of the system. Simultaneously, it offers substantial support for the company's software development efforts and mitigates the risk of software defects. The experimental results demonstrate that the method in this paper can achieve accurate low-code vulnerability identification.
{"title":"Low-code vulnerability identification based on TextCNN","authors":"Yuqiong Wang, Yuxiao Zhao, Xiang Wang, Weidong Tang, Jinhui Zhang, Zhaojie Yang, Peng Wang, Jian Hu","doi":"10.1117/12.3031890","DOIUrl":"https://doi.org/10.1117/12.3031890","url":null,"abstract":"Vulnerability identification is a crucial quality assurance step in software engineering, dedicated to discovering and handling potential errors and abnormal behavior in source code. Most vulnerability detection methods are designed for conventional programming languages. With the widespread adoption of low-code development, there is a need for a vulnerability detection method specifically tailored to low-code environments. Thus, we present a robust low-code vulnerability identification model by integrating Convolutional Neural Network Text Classification (TextCNN) and an attention mechanism. The resulting model is capable of recognizing potential irregular patterns in the low code, assisting developers in promptly identifying and addressing potential software defects. It holds significant importance in enhancing the maintainability, stability, and security of the system. Simultaneously, it offers substantial support for the company's software development efforts and mitigates the risk of software defects. The experimental results demonstrate that the method in this paper can achieve accurate low-code vulnerability identification.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141381552","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With the continuous development of Software-focused equipment, information equipment, as fundamental platform, needs to update functions, even reconfiguration. In the face of the generalization and servicelization, in order to realize the AI and software-define- equipment, systematic software supportability engineering is adopted. For core supporting software, based on software capability basement model, the architectural design details of the next-generation Information equipment are described, software management process is summarized including software grading, management demand and implementing keys. Based on the capability basement model, the defect rate of review is monitored and controlled. Using the process data model and capability model, the defect rate after delivery is predicted, and reliability is analyzed. The method provides key technically feasible research approach and provides case reference for next generation information equipment.
{"title":"Core software supportability engineering of new generation information equipment","authors":"haoyu qu","doi":"10.1117/12.3031926","DOIUrl":"https://doi.org/10.1117/12.3031926","url":null,"abstract":"With the continuous development of Software-focused equipment, information equipment, as fundamental platform, needs to update functions, even reconfiguration. In the face of the generalization and servicelization, in order to realize the AI and software-define- equipment, systematic software supportability engineering is adopted. For core supporting software, based on software capability basement model, the architectural design details of the next-generation Information equipment are described, software management process is summarized including software grading, management demand and implementing keys. Based on the capability basement model, the defect rate of review is monitored and controlled. Using the process data model and capability model, the defect rate after delivery is predicted, and reliability is analyzed. The method provides key technically feasible research approach and provides case reference for next generation information equipment.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141380982","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With the increasing complexity of software and the diversification of vulnerability forms, manual vulnerability mining can no longer meet the needs of software vulnerability mining, and automated vulnerability mining methods are becoming increasingly important. Fuzzing is one of the popular automated vulnerability mining techniques, which is widely used in software vulnerability mining due to its ease of deployment and efficiency. However, fuzzing has strong randomness, which leads to the generation of a large number of redundant and invalid inputs during the fuzzing process, wasting program execution time, resulting in low code coverage, and only a small number of inputs can truly trigger program exceptions. Therefore, the research on oriented fuzzing methods is becoming increasingly important. This article proposes a fuzzing method based on suspicious basic blocks, which uses LLVM in the static analysis stage to analyze the target program and identify the code that may have vulnerabilities. In fuzzing, tracking the execution of these codes, recording edge coverage information, prioritizing the selection of seeds that can trigger potential vulnerability areas for testing, and verifying the effectiveness of the proposed method through experiments.
{"title":"Fuzzing technology based on suspicious basic block orientation","authors":"Yifan Feng","doi":"10.1117/12.3032100","DOIUrl":"https://doi.org/10.1117/12.3032100","url":null,"abstract":"With the increasing complexity of software and the diversification of vulnerability forms, manual vulnerability mining can no longer meet the needs of software vulnerability mining, and automated vulnerability mining methods are becoming increasingly important. Fuzzing is one of the popular automated vulnerability mining techniques, which is widely used in software vulnerability mining due to its ease of deployment and efficiency. However, fuzzing has strong randomness, which leads to the generation of a large number of redundant and invalid inputs during the fuzzing process, wasting program execution time, resulting in low code coverage, and only a small number of inputs can truly trigger program exceptions. Therefore, the research on oriented fuzzing methods is becoming increasingly important. This article proposes a fuzzing method based on suspicious basic blocks, which uses LLVM in the static analysis stage to analyze the target program and identify the code that may have vulnerabilities. In fuzzing, tracking the execution of these codes, recording edge coverage information, prioritizing the selection of seeds that can trigger potential vulnerability areas for testing, and verifying the effectiveness of the proposed method through experiments.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141379990","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Xing Zhang, Jiaruo Li, Yiran Cao, Zhaoming Su, Shitao Jiang
To protect the location privacy of key nodes in transmission routing, we have studied a trajectory privacy preserving method for transmission resources. By anonymizing the gis information of the whole route, that is, anonymizing all the location information including the first and last stations of the route. Firstly, the internal point of the whole optical cable is protected by grid protection method, and then a method based on Bayesian reasoning is proposed to protect the location privacy of the endpoints including starting point and destination. Through Bayesian inference process, it is proved that the starting point of optical cable routing can be protected by shear the point closest to the starting point and the destination, and the destination location protection algorithm can be obtained in the same way. In order to further improve the endpoints protection performance, we divide the day into different time spans according to the scene of optical cable inspection, and then integrate the anonymization process into this time span. By comparing the two endpoints prediction algorithms with Syn_sub and PBT, it is proved that the proposed endpoints protection algorithm is more effective than the classical algorithm.
{"title":"Trajectory privacy preserving method for transmission resources","authors":"Xing Zhang, Jiaruo Li, Yiran Cao, Zhaoming Su, Shitao Jiang","doi":"10.1117/12.3031947","DOIUrl":"https://doi.org/10.1117/12.3031947","url":null,"abstract":"To protect the location privacy of key nodes in transmission routing, we have studied a trajectory privacy preserving method for transmission resources. By anonymizing the gis information of the whole route, that is, anonymizing all the location information including the first and last stations of the route. Firstly, the internal point of the whole optical cable is protected by grid protection method, and then a method based on Bayesian reasoning is proposed to protect the location privacy of the endpoints including starting point and destination. Through Bayesian inference process, it is proved that the starting point of optical cable routing can be protected by shear the point closest to the starting point and the destination, and the destination location protection algorithm can be obtained in the same way. In order to further improve the endpoints protection performance, we divide the day into different time spans according to the scene of optical cable inspection, and then integrate the anonymization process into this time span. By comparing the two endpoints prediction algorithms with Syn_sub and PBT, it is proved that the proposed endpoints protection algorithm is more effective than the classical algorithm.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141379604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Cache isolation is a highly effective method for defending against cache side-channel attacks. This approach divides the cache into different isolation domains, assigning distinct domains to mutually untrusted processes, preventing processes from sharing the cache across domains. However, existing solutions have certain limitations. Cache partitioning based on ways has a limited number of isolation domains and may not fully meet users' practical needs. Page coloring schemes require proportional allocation of memory and cache, which is inflexible. This paper introduces ICS, a flexible and secure cache isolation solution. ICS supports up to hundreds of isolation domains, with memory allocation independent of the cache. Additionally, domain management is convenient. ICS is a set isolation solution, with its core being SMT. SMT modifies the mapping relationship between memory and LLC, directing the memory of different isolation domains to distinct cache sets. Implemented with a 1MB 16-way LLC, ICS can support a maximum of 512 isolation domains, with a storage overhead of approximately 1.3% and performance loss of around 1%. It represents a cost-effective method for defending against cache side-channel attacks.
{"title":"Isolate cache shield: defending cache attacks via cache set isolation","authors":"Kai Nie, Rongcai Zhao, Xiao Zhang, tongguang li","doi":"10.1117/12.3032005","DOIUrl":"https://doi.org/10.1117/12.3032005","url":null,"abstract":"Cache isolation is a highly effective method for defending against cache side-channel attacks. This approach divides the cache into different isolation domains, assigning distinct domains to mutually untrusted processes, preventing processes from sharing the cache across domains. However, existing solutions have certain limitations. Cache partitioning based on ways has a limited number of isolation domains and may not fully meet users' practical needs. Page coloring schemes require proportional allocation of memory and cache, which is inflexible. This paper introduces ICS, a flexible and secure cache isolation solution. ICS supports up to hundreds of isolation domains, with memory allocation independent of the cache. Additionally, domain management is convenient. ICS is a set isolation solution, with its core being SMT. SMT modifies the mapping relationship between memory and LLC, directing the memory of different isolation domains to distinct cache sets. Implemented with a 1MB 16-way LLC, ICS can support a maximum of 512 isolation domains, with a storage overhead of approximately 1.3% and performance loss of around 1%. It represents a cost-effective method for defending against cache side-channel attacks.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141378643","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: